Open Vlix opened 3 years ago
It sounds like this could be a good first issue. The amount of modifications that would need to be done in our code-base is probably pretty small (although you would need to take time to understand the recommendations from the PDF).
I've found a library that might help with allowing Unicode: https://hackage.haskell.org/package/unicode-transforms Not sure it "normalizes" the given Text to the NIST correct form, but just leaving this here for posterity.
@agentultra shared an interesting PDF of the NIST about how to go about handling and enforcing passwords (memorized secrets) and it has some interesting guidelines that make a lot of sense that could be implemented in the Data.Password.Validate module. (I've only really looked at a bit of chapter 5.1, but there're some good things in there)
I'd like to keep this issue open for discussion and coordination when someone wants to pick this up.